
Suppose I want to open port 80 in a certain security group on my AWS infrastructure to renew a Let's Encrypt certificate, restart the DB, and then close it after the next command runs. How would I do that?

Would it suffice to write a script with the below and simply add it into the cron?

# no spaces around '=' in a shell assignment; describe-security-groups returns JSON,
# so extract the ID with --query (filter to this server's group, e.g. --filters Name=group-name,Values=<name>)
GROUPID=$(aws ec2 describe-security-groups --query 'SecurityGroups[0].GroupId' --output text)

to get the security group ID of the current server and to then run

# port numbers are JSON integers (no quotes), open only 80..80, and CidrIp must be a real CIDR
aws ec2 authorize-security-group-ingress --group-id "$GROUPID" --ip-permissions '[{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]'

in order to authorize access

then run a command I need on that port

sudo certbot renew

then

# revoke needs the same group ID and the same rule that was authorized
aws ec2 revoke-security-group-ingress --group-id "$GROUPID" --ip-permissions '[{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]'

to revoke access.

Then

# restart DB

Or is there a more elegant solution?

Aerodynamika
  • How does opening inbound port 80 help you to renew a cert? As a general rule, this approach seems to fly in the face of all we've learned about DevOps and immutable infrastructure. – jarmod Oct 13 '20 at 22:35
  • Well, to renew a certificate via Let's Encrypt it has to access the server via the :80 port (I don't know why). So if I have that port usually closed I want to open it to enable this temporary access. What would be a better way to do that? – Aerodynamika Oct 20 '20 at 15:48
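One way to script the open / renew / close sequence from the question so that the port is closed again even when certbot fails, as an added example that is not part of the question or any answer: the revoke is registered as an EXIT trap, the rule is limited to tcp/80 (not 0..80), and the group ID is read from this instance's IMDSv2 metadata rather than from a bare describe-security-groups. Assumed: the instance has one security group, the AWS and CERTBOT variables are overridable for dry runs, and the DB restart command in the comment is a placeholder.

```shell
#!/usr/bin/env bash
# Added example, not code from the question: open tcp/80 only while certbot runs
# and close it again on every exit path (success, certbot failure, signal).
set -eu

AWS="${AWS:-aws}"                          # assumption: overridable for dry runs
CERTBOT="${CERTBOT:-sudo certbot renew}"
CIDR="0.0.0.0/0"                           # HTTP-01 validators have no fixed source range

# Build the --ip-permissions JSON for exactly one tcp port (not 0..port).
ip_permissions() {
  printf '[{"IpProtocol":"tcp","FromPort":%d,"ToPort":%d,"IpRanges":[{"CidrIp":"%s"}]}]' \
    "$1" "$1" "$CIDR"
}

# Security group of *this* instance, read via IMDSv2 (token-protected metadata).
# Assumption: the instance has one group; head -n1 takes the first if it has more.
current_group_id() {
  local imds=http://169.254.169.254 token mac
  token=$(curl -s -X PUT "$imds/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
  mac=$(curl -s -H "X-aws-ec2-metadata-token: $token" "$imds/latest/meta-data/mac")
  curl -s -H "X-aws-ec2-metadata-token: $token" \
    "$imds/latest/meta-data/network/interfaces/macs/$mac/security-group-ids" | head -n1
}

open_port() {
  "$AWS" ec2 authorize-security-group-ingress --group-id "$1" --ip-permissions "$(ip_permissions "$2")"
}
close_port() {
  "$AWS" ec2 revoke-security-group-ingress --group-id "$1" --ip-permissions "$(ip_permissions "$2")"
}

# Open, renew, and close; the EXIT trap guarantees the revoke even if renewal fails.
renew_with_temporary_port() {
  local gid="$1" port="${2:-80}"
  open_port "$gid" "$port"
  trap "close_port '$gid' '$port'" EXIT   # set right after a successful authorize
  $CERTBOT
}

# Real run (e.g. from cron): ./renew.sh --run && sudo systemctl restart <your-db>  (placeholder)
if [ "${1:-}" = "--run" ]; then
  renew_with_temporary_port "$(current_group_id)" 80
fi
```

The DB restart belongs after the script, chained with `&&`, so it only runs once the port has been closed and the renewal succeeded.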
